Security updates for Bugzilla

The developers of the Bugzilla open source bug tracking system have released versions 3.0.9, 3.2.5 and 3.4.2, which fix SQL injection vulnerabilities and remove a means of sniffing out a user's password.

The SQL injection vulnerabilities can be used to gain access to the database, allowing attackers to discover, change and delete content. It may also be possible to use these vulnerabilities to expose confidential data, such as the Mozilla Foundation's data on critical vulnerabilities in Firefox. The developers classify one of the SQL bugs as critical and are therefore advising all users to install the updates as soon as possible.